Re: Can't get MS Access via ODBC (or MapServer) to 'see' the data unless the user is a 'super user'... - Mailing list pgsql-novice

 Its strange that it works in PhpPgAdmin unless you aren't really logging in as Fred as you think you are.

Assuming your privledges are set correctly on your group, I would suspect that maybe you don't have Fred set to inherit
rightsfrom parent roles.
 

That threw me for a loop the first time I saw it that you can have a role that is not set to inherit rights from its
parentroles.  So in order for it to use the rights of its parent, it has to do a set role or be set to inherit.
 

So to make sure a login is set to inherit rights from its parent role, make sure you have something like

CREATE ROLE fred LOGIN
  NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
GRANT mapservgroup TO fred;

Hope that helps,
Regina

-----Original Message-----
From: pgsql-novice-owner@postgresql.org [mailto:pgsql-novice-owner@postgresql.org] On Behalf Of Greg Cocks
Sent: Friday, November 30, 2007 2:58 PM
To: PostgreSQL List - Novice
Subject: [NOVICE] Can't get MS Access via ODBC (or MapServer) to 'see' the data unless the user is a 'super user'...

Hello,

Yep, a newbie, at least to PostgreSQL + ODBC / MapServer...   :-)

I have:

 - built and populated a PostgreSQL database (including PostGIS, in case that matters in this case)

 - set up ODBC (using psqlodbc-08_02_0500), using the Unicode version as a System DNS

 - successfully connected to the tables in PostgreSQL from an Access 'front end' I built, updated tables, etc, etc


The user in PostgreSQL/ODBC was a super user - lets call that user FRED...


Wanting now to 'lock this down' a bit security-wise, I:

 - set FRED as *not* being a Super User

 - made a new group role, lets call that grpWrite

 - assigned (sic) FRED to grpWrite

 - set the GRANT permissions on all the non-system tables to be SELECT, INSERT, DELETE and UPDATE (took me a bit to
findand use that function!), so the grpWrite privileges on each non-system table reads 'arwdx' 
 

 - *tested FRED with phpPgAdmin - works just as expected*, full read write access to the data - but NOT things such as
vacuum,etc
 

 - checked the TEST on my ODBC driver, 'CONNECTION SUCCESSFUL'

When I go to the Access 'front end' now, I can refresh all the tables in the Linked Table Manager (suggest the CONNECT
isA-OK) but when I try and view data in a table, etc I get the error in MS Access:
 

    ODBC--call failed
    ERROR: permission denied for relation <table_name>;
    Error while executing the query (#7)

Tried, with no luck:

 - setting the GRANT on the group role to include REFERENCES

 - opening the MS Access database on the PostgreSQL server

 - as a last resort, setting the GRANT in grpWrite to ALL

The minute I change FRED back to being a Super User, works like a charm...

** Suggestions and experiences gratefully accepted! **

Note that MapServer has the same need for FRED (sic) to be a Super User...

Thanks in advance!



----------
Regards,
GREG COCKS
GIS Analyst V
Gcocks |at| stoller.com
S. M. Stoller Corp
105 Technology Drive, Suite 190
Broomfield, CO 80021
www.stoller.com
303-546-4300
303-443-1408 fax
303-546-4422 direct
303-828-7576 cell


---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
       choose an index scan if your joining column's datatypes do not
       match
-----------------------------------------
The substance of this message, including any attachments, may be
confidential, legally privileged and/or exempt from disclosure
pursuant to Massachusetts law. It is intended
solely for the addressee. If you received this in error, please
contact the sender and delete the material from any computer.